new file mode 100644
@@ -0,0 +1,86 @@
+From 7df372e9d31d7c993a22b913c813a5f7ec4f3692 Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <marcus@jet.franken.de>
+Date: Mon, 9 Mar 2026 10:02:53 +0100
+Subject: [PATCH] check maxlen to be at least 1
+
+maxlen-- on 0 will become a high value.
+
+Fixes https://github.com/libexif/libexif/issues/247
+
+CVE: CVE-2026-32775
+Upstream-Status: Backport from [https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ libexif/apple/mnote-apple-entry.c | 2 ++
+ libexif/canon/mnote-canon-entry.c | 2 ++
+ libexif/fuji/mnote-fuji-entry.c | 1 +
+ libexif/olympus/mnote-olympus-entry.c | 2 ++
+ libexif/pentax/mnote-pentax-entry.c | 1 +
+ 5 files changed, 8 insertions(+)
+
+diff --git a/libexif/apple/mnote-apple-entry.c b/libexif/apple/mnote-apple-entry.c
+index 6740d8e..337e51b 100644
+--- a/libexif/apple/mnote-apple-entry.c
++++ b/libexif/apple/mnote-apple-entry.c
+@@ -43,6 +43,8 @@ mnote_apple_entry_get_value(MnoteAppleEntry *entry, char *v, unsigned int maxlen
+
+ if (!entry)
+ return NULL;
++ if (maxlen < 1)
++ return NULL;
+
+ memset(v, 0, maxlen);
+ maxlen--;
+diff --git a/libexif/canon/mnote-canon-entry.c b/libexif/canon/mnote-canon-entry.c
+index 52a7077..372fcdf 100644
+--- a/libexif/canon/mnote-canon-entry.c
++++ b/libexif/canon/mnote-canon-entry.c
+@@ -559,6 +559,8 @@ mnote_canon_entry_get_value (const MnoteCanonEntry *entry, unsigned int t, char
+
+ if (!entry)
+ return NULL;
++ if (maxlen < 1)
++ return NULL;
+
+ data = entry->data;
+ size = entry->size;
+diff --git a/libexif/fuji/mnote-fuji-entry.c b/libexif/fuji/mnote-fuji-entry.c
+index add7086..dd33900 100644
+--- a/libexif/fuji/mnote-fuji-entry.c
++++ b/libexif/fuji/mnote-fuji-entry.c
+@@ -199,6 +199,7 @@ mnote_fuji_entry_get_value (MnoteFujiEntry *entry,
+ int i, j;
+
+ if (!entry) return (NULL);
++ if (maxlen < 1) return NULL;
+
+ memset (val, 0, maxlen);
+ maxlen--;
+diff --git a/libexif/olympus/mnote-olympus-entry.c b/libexif/olympus/mnote-olympus-entry.c
+index 679fb50..d5eb60e 100644
+--- a/libexif/olympus/mnote-olympus-entry.c
++++ b/libexif/olympus/mnote-olympus-entry.c
+@@ -284,6 +284,8 @@ mnote_olympus_entry_get_value (MnoteOlympusEntry *entry, char *v, unsigned int m
+
+ if (!entry)
+ return (NULL);
++ if (maxlen < 1)
++ return NULL;
+
+ memset (v, 0, maxlen);
+ maxlen--;
+diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
+index 32b537b..d3c96f8 100644
+--- a/libexif/pentax/mnote-pentax-entry.c
++++ b/libexif/pentax/mnote-pentax-entry.c
+@@ -315,6 +315,7 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
+ int i = 0, j = 0;
+
+ if (!entry) return (NULL);
++ if (maxlen < 1) return (NULL);
+
+ memset (val, 0, maxlen);
+ maxlen--;
+--
+2.50.1
+
@@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=243b725d71bb5df4a1e5920b344b86ad"
SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/libexif-${PV}.tar.bz2 \
file://0001-Add-serial-tests-config-needed-by-ptest.patch \
file://run-ptest \
+ file://CVE-2026-32775.patch \
"
SRC_URI[sha256sum] = "d47564c433b733d83b6704c70477e0a4067811d184ec565258ac563d8223f6ae"
Pick patch from [1] also mentioned at NVD report in [2] [1] https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-32775 [3] https://security-tracker.debian.org/tracker/CVE-2026-32775 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> --- .../libexif/libexif/CVE-2026-32775.patch | 86 +++++++++++++++++++ .../recipes-support/libexif/libexif_0.6.24.bb | 1 + 2 files changed, 87 insertions(+) create mode 100644 meta/recipes-support/libexif/libexif/CVE-2026-32775.patch